It used to be a luxury to own a smartphone. Now everyone seems to have one, and can't seem to do their jobs without it. As the number of apps proliferate and the market floods with the latest flavor of BlackBerry, iPhone, Droid, etc., IT security shops face the fairly new problem of keeping mobile-phone-based malware out of their networks.
Here is a collection of dos and don'ts from five experts on securing mobile phones.
[ Keep up on tech news and reviews from your smartphone at infoworldmobile.com. | See which smartphone is right for you in our mobile "deathmatch" calculator. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Joe Brown information systems security engineer, CISSP, McAfee
There are AV packages available for most smartphones. Same use caveats apply for phones as PCs -- If you don't recognize the sender, or there is a suspicious attachment, don't open it. Be careful where you surf. Some Web proxies do support mobile devices.
Bluetooth is evil! Control your bluetooth footprint. With iPhone, Droid, and BB there are now products that can control the ability to add applications (think white listing or common operating environments).
Derek Schatz, senior security architect for a company in Orange County, Calif.
1. Only deploy devices that can support key features like encryption, remote wipe, and password locking.
2. Create specific security policy and procedure items for mobile devices that govern acceptable use, responsibilities (e.g. what to do if device is lost or stolen), etc.
3. Monitor security vulnerability tracking feeds for new attacks on mobile devices.
4. Ensure devices in the field can be updated quickly to fix security issues.
1. Assume smartphones should only be given to senior management. Many staff-level positions can become much more productive with these tools.
2. Deploy devices for enterprise use without proper protections and control. The loss of proprietary information can be very costly to the business.
Michael Schuler, Chicago-based systems administrator
1. Define the purpose of having smartphones in the environment.
2. Define the best roles for having smartphones in the environment.
a. Human resources should have a big part in this. Especially when it comes to salaried employees.
3. Evaluate the products for security/performance features that fit your market.
a. Certain products/devices may not meet the security requirements of financial or government institutions.
b. How well does the product integrate with our existing infrastructure.
4. Implement security policies based on what was determined from Step 3.
5. Define what level of support you plan to provide if implementing different types of smartphones.